IBM Rational Build Forge version 8.0.x is affected by CVE-2021-36160
CVEID:CVE-2021-36160
**DESCRIPTION:**Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read in mod_proxy_uwsgi. By sending a specially crafted request uri-path, a remote attacker could exploit this vulnerability to read above the allocated memory and cause the server to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209524 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Build Forge | 8.0 - 8.0.0.20 |
You must download the fix pack specified in the following table and apply it.
Affected Supporting Product(s)
|
Remediation/Fix
—|—
IBM Rational Build Forge 8.0 to 8.0.0.20
|
Download IBM Rational Build Forge 8.0.0.21.
The fix includes Apache-HTTP-Server-2.4.52
None
CPE | Name | Operator | Version |
---|---|---|---|
rational build forge family | eq | 8.0.0.21 |